How to remove Police Central e-crime Unit Ransomware (Virus Removal)

As of June 2012 two separate forms new ransomware titled Police Central e-crime Unit ransomware 1. Win32/Weelsof and 2. Win32/Reveton have been infecting numerous computers disguised as police units such as the Specialist Crime Directorate or Metropolitan Police. The Police Central e-crime Unit ransomware locks computer systems (as ransomware does), claims the operating system is locked due to a violation of laws per IP geographical location (most notably the UK), which may include distributing and visiting illegal pornography, such as child pornography, and zoofila, among other fake claims. The e-crime Unit virus then demands a fine of 100 Euro or $100 be paid by UKash or Paysafecard services.

■ The infection claims “Your computer also contains video files with pornographic content, elements of violence, and child pornography. Spam-messages with terrorist motives were also sent from your computer.” (please be aware these are false claims)

■ A demand for a penalty fine is made by the infection in order for infected systems to become unlocked and accessible again. “To unlock the computer you must pay a fine of 100 E” by use of Ukash or Paysafecard services.

The first variant belongs to the Win32/Weelsof malware family. Basically, it’s a Trojan that allows hackers to perform a number of actions on the infected computer. And they certain can launch such fake Police warnings as shown in the image below.

While Win32/Weelsof clearly targets the United Kingdom, the infection has spread to many other countries as well and is expected to progress, change, and adapt to other countries in the future.

2. Win32/Reveton

■ A fake alert from an online authority Specialist Crime Directorate stating the infected computer has been violating the law which states “Your computer is blocked due to at least one of the reasons specified below.”

■ You have been violating Copyright and Related Rights Law (Video, Music, Software) and illegally using or distributing copyrighted content, thus infringing Article 128 of the Criminal Code of Great Britain.

■ Article 128 of the Criminal Code provides for a fine of two to five hundred minimal wages or a deprivation of liberty for two to eight years.

■ You have been viewing or distributing prohibited Pornographic content (Child Porno/Zoofilia and etc). Thus violating article 202 of the Criminal Code of Great Britain.

■ Illegal access to computer data has been initiated from your PC, or you have been… (incomplete wording)

■ Article 208 of the Criminal Code provides for a fine up to E 100,000 and/or a deprivation of liberty for four to nine years.

■ Illegal access has been initiated from your PC without our knowledge or consent, your PC may be infected by malware, thus you are violating the law on Neglectful Use of Personal Computer. (No such law)

The second variant of Police Central e-crime Unit (PCeU) ransomware belongs to the Win32/Reveton malware family. The fake waning is different than the Weelsof version and much more sophisticated, claiming to be from Specialist Crime Directorate rather than Metropolitan Police.

Web cam control

When the infected computer user is taken to the fake Police Central e-crime Unit drive-by-download website, a video screen, which is streamed from the users connected webcam is displayed as “recording”. If you do not have a web cam connected the video screen will appear blank and will still show as recording.

How to remove The Police Central e-crime Unit virus

We have outlined different steps to remove The Police Central e-crime Unit ransomware virus for different progressions of the infection. Some infected users are still able to access the internet correctly, if this is the case please download the free version of Malwarebytes and proceed to scan and remove the Police Central e-crime Unit ransomware infection. Another simple solution is to restore your computer to a date and time before your computer became infected with the Police Central e-crime Unit ransomware Virus.

Police Central e-crime Unit ransomware removal options:
Different victims, depending on location and progression of the infection will require different removal options. Anti-Malware software and restore are the outlined solutions but may require different steps to achieve the initial process.

Police Central E-Crime Unit Virus Removal Tips

Use these tips to troubleshoot isssues facing the removal of the Police e-crime virus.

Manual Removal

Search for and remove Police E-Crime Virus Files. The files detailed below are common files associated with ransomware. [random] may represent a series of random letters and numbers such as 3jjda.exe or 111_0_0.exe.

The Police E-Crime Virus Process may be a series of random letters and numbers such as 3jjda.exe or 111_0_0.exe. Search for the Police E-Crime Virus Process by typing Ctrl+Shift+Esc and ending the located process under the Processes tab.

[random].exe

Deny Flash

Most ransomware exploits Java or Flash vulnerabilities to load the malicious code. In some cases denying or disabling flash on your system may suspend The Police Central e-crime Unit and enable the user to navigate through the infected system. If this not a necessity for removal, skip to the removal options below these steps.
To disable (deny) flash visit: http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html
2. Select the “Deny” radio option
3. Proceed to a removal option (detailed below): Anti malware software scan and removal or system restore.

Safe Mode With Networking

Safe Mode with Networking is great for victims whose internet or network connectivity is compromised due to the fake police virus. These settings allow internet access in safe mode that can be utilized to troubleshoot issues such as manually remove the virus or download appropriate tools from the internet to scan for and remove the fake police virus.

This mode will also bypass any issues where Antivirus or Antimalware software has been affected because of the Police Central e-crime Unit infection’s overall progression.

1. We highly recommend writing down the toll free number below in case you run into any issues or problems while following the instructions. Our techs will kindly assist you with any problems.

2. Reboot your computer in “Safe Mode with Networking”. As the computer is booting tap the “F8 key” continuously to reach the correct menu. Use your keyboard to navigate to “Safe Mode with Networking” and press Enter. Shown below.

4. It is now recommended to download Malwarebytes and run a full system scan to remove the fake police malware, or manually remove the virus.

2. System Restore

Depending on the progression of The Police Central e-crime Unit ransomware virus, different steps may be needed to simply restore an infected computer depending on restrictions implied by The Police Central e-crime Unit infection. Outlined bellow are two different solutions. If you can not perform a start menu restore, proceed to the Safe Mode with Command Prompt restore instructions.

Start Menu Restore

Standard directions to quickly access Window’s System Restore Wizard.

1. Access windows Start menu and click All Programs.
2. Click and open Accessories, click System Tools, and then click System Restore.‌
If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. Restore your computer to a date and time before infection.

Safe Mode With Command Prompt Restore

If you can not access your operating system, this is the suggested step.
1. Restart/reboot your computer system. Unplug if necessary.
2. Enter your computer in “safe mode with command prompt”. To properly enter safe mode,repeatedly press F8 upon the opening of the boot menu.

3. Once the Command Prompt appears you only have few seconds to type “explorer” and hit Enter. If you fail to do so within 2-3 seconds, the FBI MoneyPak ransomware virus will not allow you to type anymore.

4. Once Windows Explorer shows up browse to:

Win XP:C:\windows\system32\restore\rstrui.exe and press Enter

Win Vista/Seven:C:\windows\system32\rstrui.exe and press Enter

5. Follow all steps to restore or recover your computer system to an earlier time and date, before infection to complete.
More information on Window’s system restore please visit:

Don’t usually comment on things like this but thank you for your expert advice!

Tip for anyone also having this issue: Try logging onto a different user (if you can) I logged onto another downloaded the free malware and that killed the virus from their account. I had 160 virus files in total!!

Using the free malware software was very quick and easy so I would recommend that as a good first option!

Your advice was priceless. Was expecting to at least have to take it to a local computer repairer but after following your simple instructions the virus was removed first time. It’s good to see that some websites can be trusted to give you helpful advice. Thank you.

Big Thanks Sean, I was so scared when the block poped up. I was in fact watching porn but not child porn, and thought that this accusation might have been accessed through other pop up windows. I did indeed buy UKash voucher of £100 entered it and the block went off after 25-30 minutes bringing my laptop back to normal, but never had I thought that it would be a virus as it looked so convincing and demanding

this virus infected my laptop yesterday on my account,i simply then logged into my girlfriends account which wasnt blocked with the virus and deketed my account and set up a new one,my laptop is working fine but is this virus still on it???

Thanks!!! that was great! i called a tech center and they wanted me to pay £200 to solve the problem. Thought that was excessive so googled the virus an found this page. Everything is sorted now for free!!!